ClawHub

Google Workspace Ops

v1.0.1

Operate across Google Drive, Docs, Sheets, and Slides as unified workflow. Find, summarize, edit, migrate, or clean shared documents. Trigger phrases: find d...

0· 43·0 current·0 all-time
byDeonte Cooper@djc00p
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Google Workspace operations) align with the required environment variable (GOOGLE_APPLICATION_CREDENTIALS). No unrelated env vars, binaries, or config paths are requested that would be out of scope.
Instruction Scope
SKILL.md is high-level guidance for finding/inspecting/editing Workspace assets and does not instruct reading unrelated local files or transmitting data to unexpected endpoints. It is vague about exact API calls or how credentials are used, which is acceptable for an instruction-only skill but leaves implementation details to the agent.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing is downloaded or written to disk by the skill package itself.
Credentials
Only GOOGLE_APPLICATION_CREDENTIALS is required, which is proportionate to Google Workspace access. However the skill metadata does not designate a primaryEnv and the service-account JSON referenced by that env var can grant broad access depending on how it's configured — least-privilege credentials are recommended.
Persistence & Privilege
always is false (good). The skill allows normal autonomous invocation (disable-model-invocation is false by default). That is standard but means an agent with access to GOOGLE_APPLICATION_CREDENTIALS could perform operations without the user re-confirming each action; consider this when granting credentials.
Assessment
This instruction-only skill is coherent for Google Workspace maintenance, but verify before installing: 1) Only provide a dedicated service account JSON via GOOGLE_APPLICATION_CREDENTIALS with the minimal permissions needed (Drive, Docs, Sheets, Slides APIs) — do not use owner or broad project credentials. 2) Prefer a scoped service account and/or domain-limited access; audit and rotate the key regularly. 3) Because the agent can be invoked autonomously by default, decide whether you want to allow automated edits: disable autonomous invocation or require explicit confirmation if available. 4) Because the skill's source/homepage are unknown, treat it as unreviewed: test in a low-risk account/folder first and monitor Drive audit logs for unexpected activity. 5) If you need higher assurance, ask the publisher for provenance, the exact auth model they expect, or a primaryEnv declaration pointing to GOOGLE_APPLICATION_CREDENTIALS.

Like a lobster shell, security has layers — review code before you run it.

latestvk970w5dhedp58werskx24jfawx84bkr1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
OSLinux · macOS · Windows
EnvGOOGLE_APPLICATION_CREDENTIALS

Comments